Anti-CSRF token support in new Netsparker v1.8.3.3
Presentation: After releasing 7 updates in 2010, with a total of 16 security checks and 15 new features, here is the first Netsparker update of 2011.

Anti-CSRF Token Support

If you have ever tried to test a website with strict anti-CSRF protection, manually or automatically, you know how irritating it can get. It is also very hard to exploit vulnerabilities in these applications, because many tools do not support anti-CSRF tokens. Netsparker 1.8.3.3 comes with anti-CSRF token support in detection, confirmation and exploitation. By default, it automatically works with the following frameworks/languages:

- ASP.NET and ASP.NET MVC
- Struts2
- ColdFusion
- PHP (Symfony, CodeIgniter, Zend)

You can go to Settings (F4) > Attacking to configure it according to your custom applications. Enjoy!

Brute Force Support

Now when Netsparker sees a resource that requires Basic, NTLM or Digest Authentication, it automatically tries a list of known usernames and passwords and reports if it manages to find a valid credential. You can change Brute Force related settings from Settings (F4) > Brute Force.

New Checks

- Frame Injection
- Possible Sensitive Files Detection (categories: Log, Stats, Installation, Configuration, Administration, Database)
- Backdoor Detection
- Tomcat Source Code Disclosure
- Tomcat Default Pages Identification

Form Authentication Improvements

- AJAX support added to Form Authentication. Netsparker has supported AJAX in crawling since the first release; however, it wasn't supported in Form Authentication, and we finally addressed this issue.
- RegEx option added to Signatures
- New Source Code View added
- Logged In/Out Views improved
- Addressed an issue where some characters such as ' caused problems in Configure Authentication if they were used in usernames or passwords

Other Improvements

- Heuristic Binary Response Detection added. This will increase the speed and coverage of scans.
- Extension Blacklisting slightly changed. Now Netsparker determines automatically whether a URL is a static or a dynamic file.
- New checks added to XSS Engine
- Confirmation added to external JS injection in XSS Engine
- An advanced Negative Match option added to Advanced Settings (click Settings while holding down Ctrl to enable the Negative Matching option in Configure Form Authentication)
- Minor charset related bugs addressed
- Basic Authentication issues were not reported if the user manually entered a Basic Authentication
- Vulnerable parameter was reported incorrectly in Permanent XSS issues
- If there are Path or Internal IP Disclosures in HTTP Headers, Netsparker will report those as well
- Some issues were not reported if they were in 404 pages
- Several other minor changes and improvements

If you have a valid Netsparker Professional or Standard license, all you need to do is click Help > Check Updates to update to Netsparker's latest version.